EventSentry v3.3 - Affordable SIEM tool

NETIKUS EventSentry is a Windows Server-based security information and event management (SIEM) solution that offers real-time server monitoring with a sophisticated and secure event and log management system. The software presents network and system performance metrics through a "single pane of glass."

When I entered the IT field full time in 1997, managing server health, parsing system logs, and monitoring the network were "good ideas," which meant that I did so only when something went wrong and I was forced to.

In 21st-century IT, you manage disparate systems that exist both on-premises in different sites and probably in one or more public clouds as well. Your shop may be subject to industry and/or governmental compliance requirements that make event and log management a requirement and not optional.

Today, I'd like to show you EventSentry by NETIKUS.NET. EventSentry is a Windows Server-based security information and event management (SIEM) solution that provides real-time reporting and alerting of your network and its hosts.

To get started, I visited the EventSentry website and registered for the free 30-day trial. The installer arrived as a single 140 MB executable. The only relevant choice during installation concerned the database as the figure below shows. EventSentry will install a local PostgreSQL instance if you don't point to an existing SQL Server, MySQL, PostgreSQL, or Oracle database server.

Selecting a database

The post-installation setup consists of the following configuration steps:

Decide on an e-mail alert volume. You can always change the alert frequency later.

As you can see in the above screenshot, this solution has many moving parts. In this review, we'll keep things simple and prepare a single host. To do that, we select a computer group under the Computer Groups node, and click Add in the Manage Hosts section of the Groups ribbon.

After adding the computer to EventSentry, click Assign Packages to customize the metrics you'll retrieve from the new managed host. The figure below displays a composite screenshot of the node deployment process.

Deploying the EventSentry agent

Of course, you have great flexibility in which event log, log file, system health, or compliance tracking packages you can use. Consult the product documentation for details.

Whereas the EventSentry Management Console is where we configure our monitoring environment, the EventSentry Web Reports portal is where we view the actual data. Installation will prompt you to choose an HTTP listener port; open your trusty web browser and log in to the portal.

On first launch, you'll test database connectivity and define admin (super user) credentials. You can then view the dashboard, as in the screenshot below. Take a deep breath--there is a lot of data to look at!

The EventSentry Web Reports dashboard

The dashboard gives you network and system health data at a glance. And yes, you can completely customize which elements appear on the default dashboard. You can also create additional dashboards to display differently targeted data and share those dashboards with other users or management.

Compliance: Gain insight on network logons, policy changes, and account adjustments to comply with regulations such as HIPAA, SOX, PCI-DSS, GLBA, and FISMA.

Inventory: List your hardware assets along with installed software and system updates.

Reports: Run pre-built reports covering general-purpose and compliance scenarios. In addition to viewing reports in the web portal, you can export report data in PDF or CSV format. You also can programmatically interact with reports by using the EventSentry API.

Viewing event log data

To get a feel for how powerful the EventSentry reporting system is, I encourage you to check out the live demo on the EventSentry website.

If you're like me, then you're busy and don't have time every workday to inspect your monitoring dashboards. Instead, I want the monitoring solution to alert me proactively when its sensors detect important events.

EventSentry can alert you in a number of different ways, including, but not limited to the following:

e-mail

HTTP API

instant message

network notification

pager

text file

One of the things that sets EventSentry apart is its intuitive, enhanced email alerts, which are augmented with contextual information that makes troubleshooting an issue significantly easier. For example, Kerberos and cryptic security error codes are automatically resolved in audit alerts, and IP addresses are supplemented with GeoIP information and a hostname (reverse lookup) whenever possible. Performance alerts have an intuitive chart embedded, and every email contains a status footer with information about the host that generated the alert, including the uptime, system metrics, and a list of currently logged-on users, to name a few.

GeoIP enhanced email alert
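To make the enrichment idea concrete, here is an added example (my own code, not EventSentry's) that does two of the things the alert footer described above does: it resolves a Kerberos failure code to text and attaches a reverse-DNS hostname to the client address of a logon-audit event. The event record and the hostnames are constructed; the failure-code table is taken from the Kerberos error codes defined in RFC 4120, which Windows reports in the "Failure Code" field of events such as 4768 and 4771. GeoIP lookup is left out because it needs a local database.

```python
"""Audit-alert enrichment, added example modelled on the behaviour the review
describes. Not EventSentry code."""
import socket
from typing import Callable, Optional

# Kerberos error codes (RFC 4120, section 7.5.9) as seen in the Windows
# "Failure Code" field of Kerberos audit events 4768/4771.
KERBEROS_FAILURE_CODES = {
    0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN: client not found in Kerberos database",
    0x12: "KDC_ERR_CLIENT_REVOKED: client credentials revoked (account disabled or locked out)",
    0x17: "KDC_ERR_KEY_EXPIRED: password has expired",
    0x18: "KDC_ERR_PREAUTH_FAILED: pre-authentication failed (usually a wrong password)",
    0x25: "KRB_AP_ERR_SKEW: clock skew too great",
}


def describe_failure_code(code: str) -> str:
    """Map a hex failure-code string such as '0x18' to a readable description."""
    try:
        value = int(code, 16)
    except ValueError:
        return f"{code}: unrecognised failure code"
    return KERBEROS_FAILURE_CODES.get(value, f"{code}: unknown Kerberos error")


def _system_resolver(addr: str) -> str:
    """Default resolver: PTR lookup through the OS resolver."""
    return socket.gethostbyaddr(addr)[0]


def reverse_lookup(ip: str, resolver: Optional[Callable[[str], str]] = None) -> Optional[str]:
    """Return the hostname for an address, or None when no PTR record exists.

    Windows writes IPv4 client addresses as IPv4-mapped IPv6 ("::ffff:a.b.c.d"),
    so the prefix is stripped before the lookup. A resolver can be injected so
    the function is testable offline.
    """
    resolver = resolver or _system_resolver
    addr = ip.removeprefix("::ffff:")
    try:
        return resolver(addr)
    except (socket.herror, socket.gaierror, OSError):
        return None


def enrich_alert(event: dict, resolver: Optional[Callable[[str], str]] = None) -> dict:
    """Return a copy of the event with description and hostname fields added."""
    enriched = dict(event)
    enriched["failure_description"] = describe_failure_code(event["failure_code"])
    enriched["client_hostname"] = reverse_lookup(event["client_address"], resolver)
    return enriched


# Constructed sample in the shape of a Windows Event ID 4771 record
# (address from the RFC 5737 documentation range; hostnames are invented).
SAMPLE_EVENT = {
    "event_id": 4771,
    "account_name": "jdoe",
    "client_address": "::ffff:192.0.2.10",
    "failure_code": "0x18",
}

# Constructed PTR table standing in for the DNS server in an offline run.
FAKE_PTR = {"192.0.2.10": "ws-finance-07.example.test"}


def demo() -> dict:
    """Enrich the sample event using the constructed PTR table."""
    return enrich_alert(SAMPLE_EVENT, resolver=lambda a: FAKE_PTR[a])


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>20}: {value}")
```

Passing `resolver=None` uses the real OS resolver, which is what you would do in production; the injected dictionary exists only so the example runs without network access.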

You can configure alert rules at the package level. Recall that "packages" define your monitoring metrics. For example, the screenshot below shows you the Disk Space Monitoring metric; you'll see that we can set alerts when a node's disk free space percentage reaches a particular number.

Creating an alert rule
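The following added example (my own code, not EventSentry's rule engine) shows the logic behind a threshold rule of the kind the Disk Space Monitoring package implements: free space is compared against a warning and a critical percentage, and an alert is emitted only when a volume's severity changes, so a disk that stays full does not generate a new notification on every poll. The threshold values, host names and disk samples are constructed; `shutil.disk_usage` is the standard-library call used for the live check.

```python
"""Disk free-space threshold rule with change-only alerting.
Added example; not EventSentry code."""
import shutil
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class DiskRule:
    # Free space at or below these percentages raises the given severity
    # (constructed defaults; set them to match your own policy).
    warning_pct: float = 20.0
    critical_pct: float = 10.0
    # Last severity seen per (host, volume); used to suppress repeat alerts.
    last_severity: Dict[Tuple[str, str], str] = field(default_factory=dict)

    def severity(self, free_pct: float) -> str:
        """Classify a free-space percentage."""
        if free_pct <= self.critical_pct:
            return "critical"
        if free_pct <= self.warning_pct:
            return "warning"
        return "ok"

    def evaluate(self, host: str, volume: str, total_bytes: int, free_bytes: int) -> Optional[dict]:
        """Return an alert when the severity for this volume changes, else None.

        A recovery (warning/critical back to ok) is also reported so the
        notification channel sees the clear as well as the trip.
        """
        if total_bytes <= 0:
            raise ValueError("total_bytes must be positive")
        free_pct = 100.0 * free_bytes / total_bytes
        current = self.severity(free_pct)
        key = (host, volume)
        previous = self.last_severity.get(key, "ok")
        self.last_severity[key] = current
        if current == previous:
            return None
        return {
            "host": host,
            "volume": volume,
            "severity": current,
            "previous": previous,
            "free_pct": round(free_pct, 1),
        }


def check_local_volume(rule: DiskRule, host: str, path: str) -> Optional[dict]:
    """Poll a real mounted path on this machine through the rule."""
    usage = shutil.disk_usage(path)
    return rule.evaluate(host, path, usage.total, usage.free)


# Constructed polling history: (host, volume, total_bytes, free_bytes).
SAMPLE_POLLS = [
    ("fs01", "D:", 1_000_000, 500_000),  # 50% free  -> ok
    ("fs01", "D:", 1_000_000, 150_000),  # 15% free  -> warning (alert)
    ("fs01", "D:", 1_000_000, 140_000),  # 14% free  -> still warning (suppressed)
    ("fs01", "D:", 1_000_000, 50_000),   # 5% free   -> critical (alert)
    ("fs01", "D:", 1_000_000, 600_000),  # 60% free  -> recovered (alert)
    ("db02", "E:", 2_000_000, 180_000),  # 9% free   -> critical (alert)
]


def run_samples(polls=SAMPLE_POLLS, rule: Optional[DiskRule] = None) -> List[dict]:
    """Feed the constructed polls through a rule and collect emitted alerts."""
    rule = rule or DiskRule()
    alerts = []
    for host, volume, total, free in polls:
        alert = rule.evaluate(host, volume, total, free)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run_samples():
        print(alert)
```

Wiring `check_local_volume` into a scheduler gives you the same trip-and-clear behaviour against a live volume; the suppression state would need to be persisted if the poller restarts between runs.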

The Actions section of the EventSentry Management Console allows you to configure notification actions that take place when a package metric triggers an alert. The screenshot below displays what this looks like.

Note that your EventSentry license grants you one year of free support as well.

Overall, I found EventSentry to be a cost-effective, self-contained, and easy-to-use SIEM tool. For a business that hasn't already invested in another enterprise product, I think EventSentry may fit the bill nicely, especially for businesses under compliance requirements. But even users who already have a SIEM solution in place may want to take a look: EventSentry's attractive price point and extensive feature set make it a worthy contender.
